CVE-2004-0748

MEDIUM

Description

mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.

References

http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096

http://www.novell.com/linux/security/advisories/2004_30_apache2.html

http://www.redhat.com/support/errata/RHSA-2004-349.html

http://www.trustix.org/errata/2004/0047/

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750

https://exchange.xforce.ibmcloud.com/vulnerabilities/17200

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126

Details

Source: MITRE

Published: 2004-10-20

Updated: 2018-05-03

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

Tenable Plugins

View all (11 total)

ID	Name	Product	Family	Severity
37076	FreeBSD : apache2 -- SSL remote DoS (7b81fc47-239f-11d9-814e-0001020eed82)	Nessus	FreeBSD Local Security Checks	medium
15898	Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02)	Nessus	MacOS X Local Security Checks	high
14766	GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
14752	Mandrake Linux Security Advisory : apache2 (MDKSA-2004:096)	Nessus	Mandriva Local Security Checks	high
14748	Apache 2.0.x < 2.0.51 Multiple Vulnerabilities (OF, DoS)	Nessus	Web Servers	medium
2292	Apache < 2.0.51 IPv6 Remote Buffer Overflow	Nessus Network Monitor	Web Servers	medium
14667	SUSE-SA:2004:030: apache2	Nessus	SuSE Local Security Checks	medium
2254	Apache < 2.0.51 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
14624	RHEL 3 : httpd (RHSA-2004:349)	Nessus	Red Hat Local Security Checks	medium
12293	Apache 2.x < 2.0.50 Multiple Remote DoS	Nessus	Web Servers	medium
800564	Apache < 2.0.51 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	medium